CVE-2003-0040
courier-ssl - missing input sanitizing
EPSS 0.49%
Description
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
How to fix CVE-2003-0040
To remediate CVE-2003-0040, upgrade the affected package to one of the fixed versions listed below.
- Debian/courier: upgrade to 0.40.2-3 or later
- Debian/courier: upgrade to 0.37.3-3.3 or later
Is CVE-2003-0040 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.40.2-3
- from 0, < 0.37.3-3.3